Set up permission to access Web Dynpro applications using S_START
In-house role maintenance
It is important that after the AUTHORITY-CHECK OBJECT command is called, the return code in SY-SUBRC is checked. This must be set to 0; only then a jump is allowed.
The SAP authorization default values are the basis for role creation and are also the starting point for SAP authorization management. For this purpose, the SU22 SAP authorization default values must be transported via SU25 into the customer-specific SU24 tables. The consistency of the default values should therefore be checked beforehand using the SU2X_CHECK_CONSISTENCY report. If inconsistencies exist, they can be corrected using the report SU24_AUTO_REPAIR. Detailed information regarding the procedure can be found in SAP Note 1539556. In this way, you can not only clean up your SU24 values, but at the same time achieve a high-performance starting position for role and authorization administration.
Permissions with Maintenance Status Used
Thus, after evaluation, you can select all SAP hints with the status to implement and load directly into the Note Assistant (transaction SNOTE) of the connected system. This is only possible for a development system and if the SAP Solution Manager can use an appropriate RFC connection to the connected system. You should also consider the security advisories that apply to applications that are installed on your system but that you do not use productively. These vulnerabilities can also be used for an attack.
In the SCUA transaction, which you typically use to create or delete a ZBV distribution model, you can temporarily disable a subsidiary system. This option is disabled by default. To enable it, you must make changes in the customising of the PRGN_CUST table. Open the PRGN_CUST table either directly or via the customising in the SPRO transaction in the respective subsidiary system.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Such connections can only be used to a very limited extent.
It is also necessary that the systems to be managed are connected to the SAP Solution Manager and that in the transaction SMSY were assigned to a productive system and an SAP solution.